Task descriptions and dynamic behaviour of systems
While a system traditionally is modeled by structural decomposition into structural elements, the dynamic behaviour of systems and their actors is modelled by decomposition of the behavioral flow into events, acts, decisions, and errors. Such decomposition is the basis for identification of activity elements in terms of 'tasks' and task elements in terms of 'acts.' The problem is, that all work situations leave many degrees of freedom for choice by the actors, even when the objectives of work are fulfilled.
To complete a description of a task as being a sequence of acts, these degrees of freedom must be resolved by assuming additional performance criteria that appear to be 'rational' to a task analyst or instructor. They cannot, however, foresee all local contingencies of the future work context. In particular, a rule or instruction is often designed separately for a particular task in isolation whereas, in the actual situation, several tasks are active in a time sharing mode that poses additional constraints on the procedure to use.
These constraints are often not known by designers and work planners. In consequence, rules, laws, and instructions practically speaking are never followed to the letter. Strikes by civil servants take the shape of "working-according-to-rules." Even for highly constrained task situations such as nuclear power operation, modification of instructions is repeatedly found and the operators' violations of rules appear to be quite rational, given the actual work load and timing constraints. One implication in the present context is that following an accident it will be easy to find someone involved in the dynamic flow of events that has violated a formal rule just by following established practice. He or she is therefore likely to be exposed to punishment.
Consequently, accidents are typically judged to be caused by 'human error' on part of a train driver, a pilot, or a process operator. A task description or an instruction is an unreliable model for judging behavior during actual work, as found in a dynamic society
Jens Rasmussen & Inge Svedung, Proactive Risk Management in a Dynamic Society. Risk & Environmental Department, Swedish Rescue Services Agency, Karlstad First edition, 2000
A convenient notion ... the human is the problem
There is an almost irresistible notion that we are custodians of already safe systems that need protection from unreliable, erratic human beings (who get tired, distracted, do not communicate well, have all kinds of problems with perception, information processing, memory, recall, and much, much more). This notion is unsupported by empirical evidence when one examines how complex systems work. It is also counterproductive by encouraging researchers and consultants and organisations to treat errors as a thing associated with people as a component - the reification fallacy (a kind of over-simplification), treating a set of interacting dynamic processes as though they were a single object.
Behind Human Error, Woods et al, Ashgate 2010 p xviii
Mechanistic thinking vs Systems thinking about Failures
Mechanistic thinking about failures, that is, the Newtonian-Cartesian approach, means going down and in. Undersanding why things went wrong comes from breaking open the system, diving down, finding the parts, and identifying which ones were broken. The approach is taken even if the parts are located in different areas of the system, such as procedural control, supervisory layers, managerial levels, regulatory oversight.
In contrast, systems thinking about failures means going up and out. Understanding comes from seeing how the system is configured in a larger network of other systems, of tracing the relationships with those, and how these spread out to affect, and be affected by, factors that lie far away in time and space from the moment things went wrong.
"Drift into Failure - From hunting broken components to understanding complex systems" Sydney Dekker, Ashgate 2011. Page 132
Things that go right
Resilience Engineering sees the "things that go wrong" as the flip side of the "things that go right" and therefore assumes that they are a result of the same underlying processes. In consequence of that, "things that go right" and "things that go wrong" should be explained in basically the same way.
Highly Resilient Organisations
Highly resilient organisations can be recognised by the following four behaviours:
- They anticipate critical disruptions and situations and their consequences
- They notice the critical disruptions and situations when they occur
- They plan how to respond
- They adapt and move into different actions.
Task descriptions and dynamic behaviour of systems
While a system traditionally is modeled by structural decomposition into structural elements, the dynamic behaviour of systems and their actors is modelled by decomposition of the behavioral flow into events, acts, decisions, and errors. Such decomposition is the basis for identification of activity elements in terms of 'tasks' and task elements in terms of 'acts.' The problem is, that all work situations leave many degrees of freedom for choice by the actors, even when the objectives of work are fulfilled.
Biological principles for future internet architecture design
Biological systems have remarkable capabilities of resilience and adaptability. These capabilities are found in various biological organisms, ranging from microorganisms to flocks of animals and even human society.
Network Resilience: A Systematic Approach
Whether used for professional or leisure purposes, for safety-critical applications or e-commerce, the Internet in particular has become an integral part of our everyday lives, affecting the way societies operate. However, the Internet was not intended to serve all these roles, and, as such, is vulnerable to a wide range of challenges. Malicious attacks, software and hardwired faults, human mistakes (eg software and hardware misconfigurations) and large-scale natural disasters threaten its normal operation.
Four Essential Capabilities of Resilience
Erik Hollnagel proposes that there are four essential capabilities of resilience.
Response to Stress
The response of an organisation to stress is strikingly similar to the response of a ductile metal to stress. For a ductile metal, as load (or stress) is increased, it is able to recover or return to its original form when the load is removed, up to a point.